• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 861
  • Last Modified:

Admin Rights in GPO to Run a .BAT File

Hello,

I am trying to run a simple .BAT file that will get rid of previous versions of Java and I want to use Group Policy to distribute it.  I have it setup as a startup script in the Group Policy Manager and it works great ... as long as the user logs in with the local or domain Admin account :S

I thought using the startup script in GPM automatically used system admin rights.  Did I miss a step there?

I've tried to find a few simple solutions across the web, but they all seem to involve putting the admin account info in the BAT file ... something I do NOT want to do.

BTW, I am far from a programmer (my BAT file simply has one command in it).  So bear with me.  Also running a Windows 2008 R2 environment and the client machines are Win7.

Any help would be appreciated.
0
qec-dpenney
Asked:
qec-dpenney
  • 3
  • 2
1 Solution
 
oBdACommented:
You're not using a startup script then, but a logon script.
Look under "Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)".
The startup script will run with System rights, and it will run without a user logging on.
Use this batch file as a template; it will create a startup.log file in %Systemroot%\Temp:
>>"C:Windows\Temp\startup.log" echo Startup script started at %Date% %Time%
>>"%Systemroot%\Temp\startup.log"  echo Running as:
whoami.exe >>"%Systemroot%\Temp\startup.log"
REM Your Java command:

Open in new window

Then assign the GPO to a test computer and reboot the machine. You can check whether the script ran without logging on; in an elevated command prompt, enter type \\TestMachine\Admin$\Temp\startup.log.
0
 
qec-dpenneyAuthor Commented:
Here is the odd thing ... it is setup under the Startup script ... and I assume the BAT is running at start up since the login in process really takes no time at all to load.  However, If I log as the user, Java is not removed, if I log as either the local or domain admin, Java is removed.

I will try your test BAT though and get back to you, just to make sure I didn't mess anything up.
0
 
Donald StewartNetwork AdministratorCommented:
Are you using the script here to remove Java ??

http://community.spiceworks.com/scripts/show/1449-uninstall-java-6
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
qec-dpenneyAuthor Commented:
Yes, but just the command line.  This is my '.BAT file';

wmic product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive

wmic product where "name like 'Java(TM) 7%%'" call uninstall /nointeractive

wmic product where "name like 'Java 7%%'" call uninstall /nointeractive

exit
0
 
oBdACommented:
Try this then; it adds some more logging:
@echo off
>>"C:Windows\Temp\startup.log" echo Startup script started at %Date% %Time%
>>"%Systemroot%\Temp\startup.log"  echo Running as:
whoami.exe >>"%Systemroot%\Temp\startup.log"
>>"C:Windows\Temp\startup.log" echo %Time% Uninstalling 'Java(TM) 6%%%%' ...
wmic product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive >>"%Systemroot%\Temp\startup.log" 2>&1
>>"C:Windows\Temp\startup.log" echo %Time% Uninstalling 'Java(TM) 7%%%%' ...
wmic product where "name like 'Java(TM) 7%%'" call uninstall /nointeractive >>"%Systemroot%\Temp\startup.log" 2>&1
>>"C:Windows\Temp\startup.log" echo %Time% Uninstalling 'Java 7%%%%' ...
wmic product where "name like 'Java 7%%'" call uninstall /nointeractive >>"%Systemroot%\Temp\startup.log" 2>&1
>>"C:Windows\Temp\startup.log" echo Startup script ended at %Date% %Time%

Open in new window

0
 
qec-dpenneyAuthor Commented:
It looks like it is now working.  Thanks for your help with this.  I updated my BAT file with your improved logging BAT file (didn't change any of the GPO settings though) and it looks like it is working.

I think my issue was I was expecting the GPO update to occur too quickly.  With my testing, I had to reboot 3 or 4 times in order for the update to occur, but I kept logging in as a local user (no admin rights) and eventually all Java instances disappeared.

Your logging BAT file helped me determine if it was running and if it was successful (had a couple of 1603 instances instead of 0 ... that may have been an issue as well)

Thanks for your help.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now